explain
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and explain untrusted external data such as source code and git history. * Ingestion points: Uses Read, Grep, and Bash to access code and logs. * Boundary markers: No explicit markers defined to separate instructions from data. * Capability inventory: Access to Bash provides a high-privilege execution environment. * Sanitization: Instructions lack guidance on sanitizing code content before processing.
- [Command Execution] (LOW): The skill requests Bash tool access. This is necessary for its functionality but increases the overall risk profile when combined with data ingestion.
Recommendations
- AI detected serious security threats
Audit Metadata